[DRIVERS-2823] Ensure openssl legacy unsafe renegotiation can be configured via the MongoClient Created: 02/Feb/24 Updated: 08/Feb/24 |
|
| Status: | Investigating |
| Project: | Drivers |
| Component/s: | Security, URI Options |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Alex Bevilacqua | Assignee: | Shane Harvey |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Driver Changes: | Needed | ||||||||||||||||
| Case: | (copied to CRM) | ||||||||||||||||
| Description |
|
Drivers that use TLS libraries or runtime TLS APIs based on openssl 3 may throw errors such as MongoServerSelectionError: C8320000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:c:\ws\deps\openssl\openssl\ssl\statem\extensions.c:922: in certain environments (such as when run behind corporate firewalls). To ensure developers can work around this, the SSL_OP_LEGACY_SERVER_CONNECT SSL option flag should be configurable via the MongoClient. |
| Comments |
| Comment by Bernie Hackett [ 08/Feb/24 ] | |||||||||||||
|
Good point about OpenSSL config. Not all languages use OpenSSL. Java and Rust do not, for example. | |||||||||||||
| Comment by Shane Harvey [ 08/Feb/24 ] | |||||||||||||
|
I forgot to add one consideration. Users of any language can already set SSL_OP_LEGACY_SERVER_CONNECT using the OPENSSL_CONF file:
So we could also just document this workaround instead of adding a new driver option for a legacy and insecure SSL feature. | |||||||||||||
| Comment by Shane Harvey [ 07/Feb/24 ] | |||||||||||||
|
I've looked into this issue and identified that these types of errors occur due to outdated or buggy SSL proxies. Such proxies mistakenly enforce legacy TLS renegotiation. A real example can be found in openssl/issues/21296:
I have tested MongoDB free tier and M30 found no issues connecting from python with openssl 3 from my home and office networks. So, I believe the least we can do is document this issue so that customers who encounter it will know to upgrade their network proxies or temporarily downgrade their client openssl version to <3. We can also introduce a new feature to configure SSL_OP_LEGACY_SERVER_CONNECT as this ticket proposes. Given that 1) the choice in network proxy can be outside the control of the app developer and 2) downgrading openssl is not a long term solution, I vote we move forward on introducing a new option. Note that it's technically possible to set this option by default by I would advise against it due to the security concerns explained in the docs for SECURE RENEGOTIATION:
|